I recently configured a set of HP Procurves to log to our LEM using Syslog. It actually went quite well. Once I redirected them to the LEM it noticed them in the node management and I was able to get them to log and setup rules etc. They were sending to Syslog with the default facility of user. When I looked in the User facility on the LEM via SSH, I could see a pretty constant 5MB of data in that log.
Today I came in and the LEM hasn't received data since 6 AM. The user log on the lem now shows as empty. I didn't change anything on the LEM or the procurves but nothing is coming through.
What would cause this to truncate and why wouldn't it keep on going?
Looking through solarwinds at the last logs it did receive there was a parsing error.. not on all but just from one. Would that impact the whole thing?
Thx
J